@standardagents/builder 0.10.1-next.bbd142a → 0.11.0-next.99fb790

package/dist/built-in-routes.js

@@ -1,3 +1,4 @@
+import '@standardagents/spec';
 import { z } from 'zod';
 
 // ../../node_modules/.pnpm/rou3@0.7.10/node_modules/rou3/dist/index.mjs
@@ -77,8 +78,6 @@ function getParamRegexp(segment) {
   const regex = segment.replace(/:(\w+)/g, (_, id) => `(?<${id}>[^/]+)`).replace(/\./g, "\\.");
   return /* @__PURE__ */ new RegExp(`^${regex}$`);
 }
-
-// src/router/index.ts
 function defineController(controller) {
   return controller;
 }
@@ -145,8 +144,8 @@ var agents_get_default = defineController(async ({ agents, agentNames, prompts,
           side_a_stop_on_response: definition.sideA?.stopOnResponse !== void 0 ? definition.sideA.stopOnResponse : true,
           side_a_stop_tool: definition.sideA?.stopTool || null,
           side_a_stop_tool_response_property: definition.sideA?.stopToolResponseProperty || null,
-          side_a_max_turns: definition.sideA?.maxTurns || null,
-          side_a_end_conversation_tool: definition.sideA?.endConversationTool || null,
+          side_a_max_steps: definition.sideA?.maxSteps || null,
+          side_a_end_session_tool: definition.sideA?.endSessionTool || null,
           side_a_manual_stop_condition: definition.sideA?.manualStopCondition || false,
           // Side B configuration (if dual_ai)
           side_b_label: definition.sideB?.label || null,
@@ -155,16 +154,14 @@ var agents_get_default = defineController(async ({ agents, agentNames, prompts,
           side_b_stop_on_response: definition.sideB?.stopOnResponse !== void 0 ? definition.sideB.stopOnResponse : true,
           side_b_stop_tool: definition.sideB?.stopTool || null,
           side_b_stop_tool_response_property: definition.sideB?.stopToolResponseProperty || null,
-          side_b_max_turns: definition.sideB?.maxTurns || null,
-          side_b_end_conversation_tool: definition.sideB?.endConversationTool || null,
+          side_b_max_steps: definition.sideB?.maxSteps || null,
+          side_b_end_session_tool: definition.sideB?.endSessionTool || null,
           side_b_manual_stop_condition: definition.sideB?.manualStopCondition || false,
           // Session configuration
           max_session_turns: definition.maxSessionTurns || null,
           // Tool exposure
           expose_as_tool: definition.exposeAsTool || false,
           tool_description: definition.toolDescription || null,
-          // Tags
-          tags: definition.tags || [],
           created_at: Math.floor(Date.now() / 1e3)
         };
       } catch (error) {
@@ -733,10 +730,7 @@ var prompts_get_default = defineController(async ({ prompts, promptNames, models
           include_past_tools: definition.includePastTools || false,
           parallel_tool_calls: definition.parallelToolCalls || false,
           tool_choice: definition.toolChoice || "auto",
-          before_tool: definition.beforeTool || null,
-          after_tool: definition.afterTool || null,
           tools,
-          prompts: definition.handoffAgents || [],
           reasoning: definition.reasoning || null,
           created_at: Math.floor(Date.now() / 1e3)
         };
@@ -777,6 +771,11 @@ var providers_get_default = defineController(async ({ env }) => {
 
 // src/api/threads/index.post.ts
 var index_post_default3 = defineController(async ({ req, env }) => {
+  const authResult = await requireAuth(req, env);
+  if (authResult instanceof Response) {
+    return authResult;
+  }
+  const auth = authResult;
   let body;
   try {
     body = await req.json();
@@ -786,7 +785,8 @@ var index_post_default3 = defineController(async ({ req, env }) => {
       { status: 400 }
     );
   }
-  const { agent_id, user_id, initial_messages, data, tags } = body;
+  const { agent_id, initial_messages, data, tags } = body;
+  const user_id = auth.authType === "super_admin" ? null : auth.user.id;
   if (!agent_id) {
     return Response.json(
       { error: "Missing required field: agent_id" },
@@ -828,7 +828,7 @@ var index_post_default3 = defineController(async ({ req, env }) => {
   try {
     const thread = await agentBuilder.createThread({
       agent_name: agent_id,
-      user_id,
+      user_id: user_id ?? void 0,
       tags
     });
     return Response.json({
@@ -848,16 +848,32 @@ var index_post_default3 = defineController(async ({ req, env }) => {
 });
 
 // src/api/threads/index.ts
+function resolveIconUrl(icon, origin) {
+  if (!icon) return void 0;
+  if (icon.startsWith("http://") || icon.startsWith("https://")) {
+    return icon;
+  }
+  if (icon.startsWith("/")) {
+    return `${origin}${icon}`;
+  }
+  return icon;
+}
 var threads_default = defineController(async ({ req, env }) => {
   if (req.method !== "GET") {
     return new Response("Method Not Allowed", { status: 405 });
   }
+  const authResult = await requireAuth(req, env);
+  if (authResult instanceof Response) {
+    return authResult;
+  }
+  const auth = authResult;
   try {
     const url = new URL(req.url);
+    const origin = url.origin;
     const limit = parseInt(url.searchParams.get("limit") || "50", 10);
     const offset = parseInt(url.searchParams.get("offset") || "0", 10);
     const agentName = url.searchParams.get("agent_id");
-    const userId = url.searchParams.get("user_id");
+    const userId = auth.user.role === "admin" ? void 0 : auth.user.id;
     const agentBuilderId = env.AGENT_BUILDER.idFromName("singleton");
     const agentBuilder = env.AGENT_BUILDER.get(agentBuilderId);
     const result = await agentBuilder.listThreads({
@@ -872,11 +888,14 @@ var threads_default = defineController(async ({ req, env }) => {
         try {
           const agentDef = await agentBuilder.loadAgent(thread.agent_name);
           agentDetails = {
-            title: agentDef.title,
-            type: agentDef.type || "ai_human"
+            name: thread.agent_name,
+            title: agentDef.title || thread.agent_name,
+            type: agentDef.type || "ai_human",
+            description: agentDef.description,
+            icon: resolveIconUrl(agentDef.icon, origin)
           };
         } catch {
-          agentDetails = { title: thread.agent_name, type: "unknown" };
+          agentDetails = { name: thread.agent_name, title: thread.agent_name, type: "unknown" };
         }
         return {
           id: thread.id,
@@ -1065,6 +1084,7 @@ var index_get_default2 = defineController(async ({ req, env }) => {
 });
 
 // src/api/users/index.post.ts
+var VALID_ROLES = ["admin", "user"];
 var index_post_default4 = defineController(async ({ req, env }) => {
   try {
     const authResult = await requireAdmin(req, env);
@@ -1072,7 +1092,7 @@ var index_post_default4 = defineController(async ({ req, env }) => {
       return authResult;
     }
     const body = await req.json();
-    const { username, password, role = "admin" } = body;
+    const { username, password, role = "user" } = body;
     if (!username || !password) {
       return Response.json(
         { error: "Username and password are required" },
@@ -1097,6 +1117,12 @@ var index_post_default4 = defineController(async ({ req, env }) => {
         { status: 400 }
       );
     }
+    if (!VALID_ROLES.includes(role)) {
+      return Response.json(
+        { error: `Invalid role. Must be one of: ${VALID_ROLES.join(", ")}` },
+        { status: 400 }
+      );
+    }
     const agentBuilderId = env.AGENT_BUILDER.idFromName("singleton");
     const agentBuilder = env.AGENT_BUILDER.get(agentBuilderId);
     const existingUser = await agentBuilder.getUserByUsername(username);
@@ -1168,8 +1194,8 @@ var name_get_default = defineController(async ({ params, agents, prompts, prompt
       side_a_stop_on_response: definition.sideA?.stopOnResponse !== void 0 ? definition.sideA.stopOnResponse : true,
       side_a_stop_tool: definition.sideA?.stopTool || null,
       side_a_stop_tool_response_property: definition.sideA?.stopToolResponseProperty || null,
-      side_a_max_turns: definition.sideA?.maxTurns || null,
-      side_a_end_conversation_tool: definition.sideA?.endConversationTool || null,
+      side_a_max_steps: definition.sideA?.maxSteps || null,
+      side_a_end_session_tool: definition.sideA?.endSessionTool || null,
       side_a_manual_stop_condition: definition.sideA?.manualStopCondition || false,
       // Side B configuration (if dual_ai)
       side_b_label: definition.sideB?.label || null,
@@ -1178,16 +1204,14 @@ var name_get_default = defineController(async ({ params, agents, prompts, prompt
       side_b_stop_on_response: definition.sideB?.stopOnResponse !== void 0 ? definition.sideB.stopOnResponse : true,
       side_b_stop_tool: definition.sideB?.stopTool || null,
       side_b_stop_tool_response_property: definition.sideB?.stopToolResponseProperty || null,
-      side_b_max_turns: definition.sideB?.maxTurns || null,
-      side_b_end_conversation_tool: definition.sideB?.endConversationTool || null,
+      side_b_max_steps: definition.sideB?.maxSteps || null,
+      side_b_end_session_tool: definition.sideB?.endSessionTool || null,
       side_b_manual_stop_condition: definition.sideB?.manualStopCondition || false,
       // Session configuration
       max_session_turns: definition.maxSessionTurns || null,
       // Tool exposure
       expose_as_tool: definition.exposeAsTool || false,
       tool_description: definition.toolDescription || null,
-      // Tags
-      tags: definition.tags || [],
       created_at: Math.floor(Date.now() / 1e3)
     };
     return Response.json({ agent });
@@ -1300,10 +1324,7 @@ var name_get_default2 = defineController(async ({ params, prompts, models, model
       include_past_tools: definition.includePastTools || false,
       parallel_tool_calls: definition.parallelToolCalls || false,
       tool_choice: definition.toolChoice || "auto",
-      before_tool: definition.beforeTool || null,
-      after_tool: definition.afterTool || null,
       tools,
-      prompts: definition.handoffAgents || [],
       reasoning: definition.reasoning || null,
       created_at: Math.floor(Date.now() / 1e3)
     };
@@ -1317,8 +1338,24 @@ var name_get_default2 = defineController(async ({ params, prompts, models, model
   }
 });
 
+// src/utils/permissions.ts
+function canAccessThread(auth, thread) {
+  if (auth.user.role === "admin") {
+    return true;
+  }
+  if (thread.user_id === null) {
+    return false;
+  }
+  return thread.user_id === auth.user.id;
+}
+
 // src/api/threads/[id].delete.ts
 var id_delete_default2 = defineController(async ({ req, env, params }) => {
+  const authResult = await requireAuth(req, env);
+  if (authResult instanceof Response) {
+    return authResult;
+  }
+  const auth = authResult;
   const threadId = params.id;
   if (!threadId) {
     return Response.json({ error: "Missing thread ID" }, { status: 400 });
@@ -1332,6 +1369,12 @@ var id_delete_default2 = defineController(async ({ req, env, params }) => {
       { status: 404 }
     );
   }
+  if (!canAccessThread(auth, thread)) {
+    return Response.json(
+      { error: "Forbidden: You don't have access to this thread" },
+      { status: 403 }
+    );
+  }
   try {
     await agentBuilder.deleteThread(threadId);
     const durableId = env.AGENT_BUILDER_THREAD.idFromName(threadId);
@@ -1359,6 +1402,11 @@ var id_patch_default = defineController(async ({ req, env, params }) => {
   if (req.method !== "PATCH") {
     return new Response("Method Not Allowed", { status: 405 });
   }
+  const authResult = await requireAuth(req, env);
+  if (authResult instanceof Response) {
+    return authResult;
+  }
+  const auth = authResult;
   const threadId = params?.id;
   if (!threadId) {
     return Response.json({ error: "Thread ID required" }, { status: 400 });
@@ -1375,6 +1423,12 @@ var id_patch_default = defineController(async ({ req, env, params }) => {
         { status: 404 }
       );
     }
+    if (!canAccessThread(auth, existingThread)) {
+      return Response.json(
+        { error: "Forbidden: You don't have access to this thread" },
+        { status: 403 }
+      );
+    }
     const updates = {};
     if (tags !== void 0) {
       if (!Array.isArray(tags)) {
@@ -1447,12 +1501,42 @@ var id_patch_default = defineController(async ({ req, env, params }) => {
 });
 
 // src/api/threads/[id].ts
+function resolveIconUrl2(icon, origin) {
+  if (!icon) return void 0;
+  if (icon.startsWith("http://") || icon.startsWith("https://")) {
+    return icon;
+  }
+  if (icon.startsWith("/")) {
+    return `${origin}${icon}`;
+  }
+  return icon;
+}
 var id_default = defineController(async ({ req, params, env }) => {
+  const authResult = await requireAuth(req, env);
+  if (authResult instanceof Response) {
+    return authResult;
+  }
+  const auth = authResult;
   const threadId = params.id;
   if (!threadId) {
     return Response.json({ error: "Thread ID required" }, { status: 400 });
   }
   try {
+    const agentBuilderId = env.AGENT_BUILDER.idFromName("singleton");
+    const agentBuilder = env.AGENT_BUILDER.get(agentBuilderId);
+    const thread = await agentBuilder.getThread(threadId);
+    if (!thread) {
+      return Response.json(
+        { error: `Thread not found: ${threadId}` },
+        { status: 404 }
+      );
+    }
+    if (!canAccessThread(auth, thread)) {
+      return Response.json(
+        { error: "Forbidden: You don't have access to this thread" },
+        { status: 403 }
+      );
+    }
     const durableId = env.AGENT_BUILDER_THREAD.idFromName(threadId);
     const stub = env.AGENT_BUILDER_THREAD.get(durableId);
     const doData = await stub.getThreadMeta(threadId);
@@ -1462,6 +1546,10 @@ var id_default = defineController(async ({ req, params, env }) => {
         { status: 404 }
       );
     }
+    if (doData.agent?.icon) {
+      const origin = new URL(req.url).origin;
+      doData.agent.icon = resolveIconUrl2(doData.agent.icon, origin);
+    }
     return Response.json(doData);
   } catch (error) {
     console.error(`Error fetching thread ${threadId}:`, error);
@@ -1624,7 +1712,7 @@ var login_post_default = defineController(async ({ req, env }) => {
         { status: 400 }
       );
     }
-    if (env.SUPER_ADMIN_PASSWORD && password === env.SUPER_ADMIN_PASSWORD) {
+    if (env.SUPER_ADMIN_PASSWORD && username === "admin" && password === env.SUPER_ADMIN_PASSWORD) {
       if (!env.ENCRYPTION_KEY) {
         return Response.json(
           { error: "Server misconfigured: ENCRYPTION_KEY required for super admin" },
@@ -2077,7 +2165,48 @@ var logs_get_default = defineController(async ({ req, params, env }) => {
   }
 });
 
-// src/api/threads/[id]/message.post.ts
+// src/api/threads/[id]/messages.get.ts
+var messages_get_default = defineController(async ({ req, params, env }) => {
+  const url = new URL(req.url);
+  const threadId = params.id;
+  if (!threadId) {
+    return Response.json({ error: "Thread ID required" }, { status: 400 });
+  }
+  try {
+    const agentBuilderId = env.AGENT_BUILDER.idFromName("singleton");
+    const agentBuilder = env.AGENT_BUILDER.get(agentBuilderId);
+    const thread = await agentBuilder.getThread(threadId);
+    if (!thread) {
+      return Response.json(
+        { error: `Thread not found: ${threadId}` },
+        { status: 404 }
+      );
+    }
+    const limit = parseInt(url.searchParams.get("limit") || "100", 10);
+    const offset = parseInt(url.searchParams.get("offset") || "0", 10);
+    const order = url.searchParams.get("order") === "asc" ? "ASC" : "DESC";
+    const includeSilent = url.searchParams.get("includeSilent") === "true";
+    const maxDepth = parseInt(url.searchParams.get("depth") || "0", 10);
+    const durableId = env.AGENT_BUILDER_THREAD.idFromName(threadId);
+    const stub = env.AGENT_BUILDER_THREAD.get(durableId);
+    const result = await stub.getMessages(
+      limit,
+      offset,
+      order,
+      includeSilent,
+      maxDepth
+    );
+    return Response.json(result);
+  } catch (error) {
+    console.error(`Error fetching messages for thread ${threadId}:`, error);
+    return Response.json(
+      { error: error.message || "Failed to fetch messages" },
+      { status: 500 }
+    );
+  }
+});
+
+// src/api/threads/[id]/messages.post.ts
 function needsProcessing(base64Data, mimeType) {
   const binarySize = Math.ceil(base64Data.length * 3 / 4);
   const MAX_SIZE = 2 * 1024 * 1024;
@@ -2089,7 +2218,7 @@ function needsProcessing(base64Data, mimeType) {
   }
   return false;
 }
-var message_post_default = defineController(async ({ req, params, env }) => {
+var messages_post_default = defineController(async ({ req, params, env }) => {
   const threadId = params.id;
   if (!threadId) {
     return Response.json({ error: "Thread ID required" }, { status: 400 });
@@ -2148,9 +2277,6 @@ var message_post_default = defineController(async ({ req, params, env }) => {
         }
         const ext = mimeType === "image/png" ? "png" : mimeType === "image/jpeg" ? "jpg" : attachment.name.split(".").pop() || "bin";
         const path = `/attachments/${timestamp}-${attachmentId}.${ext}`;
-        const metadata = {};
-        if (width) metadata.width = width;
-        if (height) metadata.height = height;
         const base64Size = fileData.length;
         const binarySize = Math.ceil(base64Size * 3 / 4);
         console.log(`[writeFile] Storing ${attachment.name}: ${(binarySize / 1024 / 1024).toFixed(2)}MB binary (${(base64Size / 1024 / 1024).toFixed(2)}MB base64) to ${path}`);
@@ -2159,8 +2285,9 @@ var message_post_default = defineController(async ({ req, params, env }) => {
           fileData,
           mimeType,
           {
-            metadata: Object.keys(metadata).length > 0 ? metadata : void 0,
-            thumbnail: attachment.thumbnail
+            thumbnail: attachment.thumbnail,
+            width,
+            height
           }
         );
         console.log(`[writeFile] Result:`, result.success ? "success" : result.error);
@@ -2191,47 +2318,6 @@ var message_post_default = defineController(async ({ req, params, env }) => {
   }
 });
 
-// src/api/threads/[id]/messages.get.ts
-var messages_get_default = defineController(async ({ req, params, env }) => {
-  const url = new URL(req.url);
-  const threadId = params.id;
-  if (!threadId) {
-    return Response.json({ error: "Thread ID required" }, { status: 400 });
-  }
-  try {
-    const agentBuilderId = env.AGENT_BUILDER.idFromName("singleton");
-    const agentBuilder = env.AGENT_BUILDER.get(agentBuilderId);
-    const thread = await agentBuilder.getThread(threadId);
-    if (!thread) {
-      return Response.json(
-        { error: `Thread not found: ${threadId}` },
-        { status: 404 }
-      );
-    }
-    const limit = parseInt(url.searchParams.get("limit") || "100", 10);
-    const offset = parseInt(url.searchParams.get("offset") || "0", 10);
-    const order = url.searchParams.get("order") === "asc" ? "ASC" : "DESC";
-    const includeSilent = url.searchParams.get("includeSilent") === "true";
-    const maxDepth = parseInt(url.searchParams.get("depth") || "0", 10);
-    const durableId = env.AGENT_BUILDER_THREAD.idFromName(threadId);
-    const stub = env.AGENT_BUILDER_THREAD.get(durableId);
-    const result = await stub.getMessages(
-      limit,
-      offset,
-      order,
-      includeSilent,
-      maxDepth
-    );
-    return Response.json(result);
-  } catch (error) {
-    console.error(`Error fetching messages for thread ${threadId}:`, error);
-    return Response.json(
-      { error: error.message || "Failed to fetch messages" },
-      { status: 500 }
-    );
-  }
-});
-
 // src/api/threads/[id]/rpc.post.ts
 var rpc_post_default = defineController(async ({ req, params, env }) => {
   const threadId = params.id;
@@ -2323,6 +2409,23 @@ var stream_default = defineController(async ({ req, params, env }) => {
 });
 
 // src/api/threads/[id]/fs/[...path].ts
+var CHUNK_SIZE = 1.75 * 1024 * 1024;
+function toAttachmentRef(file) {
+  const metadata = file.metadata;
+  const width = file.width ?? metadata?.width;
+  const height = file.height ?? metadata?.height;
+  return {
+    id: file.path,
+    // Use path as unique ID
+    type: "file",
+    path: file.path,
+    name: file.name,
+    mimeType: file.mimeType,
+    size: file.size,
+    ...width && { width },
+    ...height && { height }
+  };
+}
 var path_default = defineController(async ({ req, params, env }) => {
   console.log("[fs] params received:", JSON.stringify(params));
   const threadId = params.id;
@@ -2336,11 +2439,30 @@ var path_default = defineController(async ({ req, params, env }) => {
   try {
     const durableId = env.AGENT_BUILDER_THREAD.idFromName(threadId);
     const stub = env.AGENT_BUILDER_THREAD.get(durableId);
+    const uploadMatch = path.match(/^(.+)\/upload\/(start|complete|chunk\/(\d+))$/);
+    if (uploadMatch) {
+      const filePath = uploadMatch[1];
+      const action = uploadMatch[2];
+      const chunkIndex = uploadMatch[3] ? parseInt(uploadMatch[3], 10) : void 0;
+      if (action === "start" && req.method === "POST") {
+        return handleChunkedUploadStart(stub, filePath, req);
+      }
+      if (action === "complete" && req.method === "POST") {
+        return handleChunkedUploadComplete(stub, filePath, req);
+      }
+      if (action.startsWith("chunk/") && req.method === "PUT" && chunkIndex !== void 0) {
+        return handleChunkedUploadChunk(stub, filePath, chunkIndex, req);
+      }
+      return Response.json(
+        { error: `Invalid upload action: ${action} with method ${req.method}` },
+        { status: 400 }
+      );
+    }
     switch (req.method) {
       case "GET":
         return handleGet(stub, path, url);
-      case "PUT":
-        return handlePut(stub, path, req);
+      case "POST":
+        return handlePost(stub, path, req);
       case "DELETE":
         return handleDelete(stub, path);
       default:
@@ -2407,6 +2529,9 @@ async function handleGet(stub, path, url) {
   if (acceptHeader === "json") {
     return Response.json({ file });
   }
+  if (file.isChunked && file.chunkCount) {
+    return streamChunkedFile(stub, path, file);
+  }
   const result = await stub.readFile(path);
   if (!result.success) {
     return Response.json({ error: result.error }, { status: 404 });
@@ -2424,7 +2549,40 @@ async function handleGet(stub, path, url) {
     }
   });
 }
-async function handlePut(stub, path, req) {
+function streamChunkedFile(stub, path, file) {
+  const { readable, writable } = new TransformStream();
+  const writer = writable.getWriter();
+  (async () => {
+    try {
+      for (let i = 0; i < file.chunkCount; i++) {
+        const result = await stub.readFileChunk(path, i);
+        if (!result.success) {
+          console.error(`Failed to read chunk ${i}:`, result.error);
+          break;
+        }
+        const binary = atob(result.data);
+        const bytes = new Uint8Array(binary.length);
+        for (let j = 0; j < binary.length; j++) {
+          bytes[j] = binary.charCodeAt(j);
+        }
+        await writer.write(bytes);
+      }
+    } catch (error) {
+      console.error("Error streaming chunked file:", error);
+    } finally {
+      await writer.close();
+    }
+  })();
+  return new Response(readable, {
+    headers: {
+      "Content-Type": file.mimeType,
+      "Content-Length": String(file.size),
+      "Content-Disposition": `inline; filename="${file.name}"`
+      // Note: We set Content-Length, but also use chunked transfer internally
+    }
+  });
+}
+async function handlePost(stub, path, req) {
   const contentType = req.headers.get("Content-Type") || "";
   if (contentType.includes("application/json")) {
     const body = await req.json();
@@ -2444,7 +2602,7 @@ async function handlePut(stub, path, req) {
       if (!result2.success) {
         return Response.json({ error: result2.error }, { status: 400 });
       }
-      return Response.json({ file: result2.file }, { status: 201 });
+      return Response.json(toAttachmentRef(result2.file), { status: 201 });
     }
     if (body.data) {
       const result2 = await stub.writeFile(path, body.data, body.mimeType || "application/octet-stream", {
@@ -2454,12 +2612,16 @@ async function handlePut(stub, path, req) {
       if (!result2.success) {
         return Response.json({ error: result2.error }, { status: 400 });
       }
-      return Response.json({ file: result2.file }, { status: 201 });
+      return Response.json(toAttachmentRef(result2.file), { status: 201 });
     }
     return Response.json({ error: "Invalid request body" }, { status: 400 });
   }
-  const data = await req.arrayBuffer();
   const mimeType = contentType.split(";")[0].trim() || "application/octet-stream";
+  const contentLength = parseInt(req.headers.get("Content-Length") || "0", 10);
+  if (contentLength > CHUNK_SIZE && req.body) {
+    return handleStreamingUpload(stub, path, mimeType, contentLength, req);
+  }
+  const data = await req.arrayBuffer();
   const bytes = new Uint8Array(data);
   let binary = "";
   for (let i = 0; i < bytes.length; i++) {
@@ -2470,7 +2632,65 @@ async function handlePut(stub, path, req) {
   if (!result.success) {
     return Response.json({ error: result.error }, { status: 400 });
   }
-  return Response.json({ file: result.file }, { status: 201 });
+  return Response.json(toAttachmentRef(result.file), { status: 201 });
+}
+async function handleStreamingUpload(stub, path, mimeType, totalSize, req) {
+  const startResult = await stub.startChunkedUpload(path, totalSize, mimeType, {});
+  if (!startResult.success) {
+    return Response.json({ error: startResult.error }, { status: 400 });
+  }
+  const reader = req.body.getReader();
+  let chunkIndex = 0;
+  let buffer = new Uint8Array(0);
+  try {
+    while (true) {
+      const { done, value } = await reader.read();
+      if (value) {
+        const newBuffer = new Uint8Array(buffer.length + value.length);
+        newBuffer.set(buffer);
+        newBuffer.set(value, buffer.length);
+        buffer = newBuffer;
+        while (buffer.length >= CHUNK_SIZE) {
+          const chunk = buffer.slice(0, CHUNK_SIZE);
+          const base64 = arrayBufferToBase64(chunk);
+          const chunkResult = await stub.writeFileChunk(path, chunkIndex, base64);
+          if (!chunkResult.success) {
+            return Response.json({ error: chunkResult.error }, { status: 400 });
+          }
+          chunkIndex++;
+          buffer = buffer.slice(CHUNK_SIZE);
+        }
+      }
+      if (done) {
+        if (buffer.length > 0) {
+          const base64 = arrayBufferToBase64(buffer);
+          const chunkResult = await stub.writeFileChunk(path, chunkIndex, base64);
+          if (!chunkResult.success) {
+            return Response.json({ error: chunkResult.error }, { status: 400 });
+          }
+          chunkIndex++;
+        }
+        break;
+      }
+    }
+    const completeResult = await stub.completeChunkedUpload(path, chunkIndex, {});
+    if (!completeResult.success) {
+      return Response.json({ error: completeResult.error }, { status: 400 });
+    }
+    return Response.json(toAttachmentRef(completeResult.file), { status: 201 });
+  } catch (error) {
+    console.error("Streaming upload failed:", error);
+    return Response.json({ error: error.message || "Upload failed" }, { status: 500 });
+  }
+}
+function arrayBufferToBase64(bytes) {
+  const BATCH_SIZE = 32768;
+  let binary = "";
+  for (let i = 0; i < bytes.length; i += BATCH_SIZE) {
+    const slice = bytes.subarray(i, Math.min(i + BATCH_SIZE, bytes.length));
+    binary += String.fromCharCode.apply(null, slice);
+  }
+  return btoa(binary);
 }
 async function handleDelete(stub, path) {
   const statResult = await stub.statFile(path);
@@ -2491,6 +2711,61 @@ async function handleDelete(stub, path) {
   }
   return new Response(null, { status: 204 });
 }
+async function handleChunkedUploadStart(stub, filePath, req) {
+  const body = await req.json();
+  if (!body.totalSize || !body.mimeType) {
+    return Response.json(
+      { error: "totalSize and mimeType are required" },
+      { status: 400 }
+    );
+  }
+  const result = await stub.startChunkedUpload(filePath, body.totalSize, body.mimeType, {
+    metadata: body.metadata,
+    width: body.width,
+    height: body.height
+  });
+  if (!result.success) {
+    return Response.json({ error: result.error }, { status: 400 });
+  }
+  return Response.json({
+    chunkSize: result.chunkSize,
+    expectedChunks: result.expectedChunks,
+    path: filePath
+  });
+}
+async function handleChunkedUploadChunk(stub, filePath, chunkIndex, req) {
+  const data = await req.arrayBuffer();
+  const bytes = new Uint8Array(data);
+  let binary = "";
+  for (let i = 0; i < bytes.length; i++) {
+    binary += String.fromCharCode(bytes[i]);
+  }
+  const base64 = btoa(binary);
+  const result = await stub.writeFileChunk(filePath, chunkIndex, base64);
+  if (!result.success) {
+    return Response.json({ error: result.error }, { status: 400 });
+  }
+  return Response.json({
+    chunkIndex,
+    received: data.byteLength
+  });
+}
+async function handleChunkedUploadComplete(stub, filePath, req) {
+  const body = await req.json();
+  if (typeof body.expectedChunks !== "number") {
+    return Response.json(
+      { error: "expectedChunks is required" },
+      { status: 400 }
+    );
+  }
+  const result = await stub.completeChunkedUpload(filePath, body.expectedChunks, {
+    thumbnail: body.thumbnail
+  });
+  if (!result.success) {
+    return Response.json({ error: result.error }, { status: 400 });
+  }
+  return Response.json(toAttachmentRef(result.file), { status: 201 });
+}
 
 // src/api/threads/[id]/logs/[logId].get.ts
 var logId_get_default = defineController(async ({ req, params, env }) => {
@@ -2654,11 +2929,13 @@ var routeHandlers = {
   "GET:/threads/:id/cost": cost_get_default,
   "GET:/threads/:id/fs": fs_default,
   "GET:/threads/:id/logs": logs_get_default,
-  "POST:/threads/:id/message": message_post_default,
   "GET:/threads/:id/messages": messages_get_default,
+  "POST:/threads/:id/messages": messages_post_default,
   "POST:/threads/:id/rpc": rpc_post_default,
   "POST:/threads/:id/stop": stop_post_default,
   "GET:/threads/:id/stream": stream_default,
+  "DELETE:/threads/:id/fs/**": path_default,
+  "POST:/threads/:id/fs/**": path_default,
   "GET:/threads/:id/fs/**": path_default,
   "GET:/threads/:id/logs/:logId": logId_get_default,
   "DELETE:/threads/:id/messages/:messageId": messageId_delete_default,